Even if all the accounts have passwords, if you allow ftp and telnet and
rsh, etc., you are still in danger of hackers' attacks. I think this has
been pointed out before on this list. In fact, if your password file is
readable at all (as usual), hackers have a way to crack your root password.
We are using secure shell and shadow passwords here, so that the
communications are encrypted and the password-containing file is only
readable to root. This is done in addition to installing the SGI patches
obtained from the SGI website. I would recommend getting help from local UNIX
experts to patch up the systems really well, and then enforcing a password
change for all users. I did and now feel much safer.
Best Regards,
Jiejun
>
>On Feb 4, 5:33pm, John Chung wrote:
>> Subject: hackers on bruker SGIs
>>
>> Howdy
>>
>> Just wanted to let the Bruker users community know that the O2's
>> and some Indy's that come as defaults on the newer Avance machines
>> have security holes in the password file which have allowed some
>> hacker to get into 3 of our Avance machines recently (two O2's on
>> DRX and one Indy on DMX) as the login
>>
>> lp
>>
>> No damage seems to have been done, and we even have the IP address
>> of where the person came from (probably a temporary/anon account on the
>> uu.net ISP and not worth trying to pursue who exactly it was), but
>> the person had given the lp login passwords (i.e., created him/herself
>> a backdoor).
>> In case you're wondering how we know this, you can do
>> cd /var/adm
>> last
>> and look for login as username 'lp'
>> you can also do
>> last -f OLDwtmp
>> last -f OLDwtmpx
>> to look at older logins (see manpages on last)
>>
>> I advise people with Bruker supplied SGI boxes to at least check
>> the /etc/passwd files (do a simple 'grep ::') to see if there are
>> any lines without passwords (nuucp is another that had no password).
>> Put in a simple * in the blank password fields.
>>
>> Our system admin gurus installed a number of patches on all these
>> newer machines. In case you're interested, they're summarized below.
>>
>> John Chung
>> The Scripps Research Institute
>>
>> ---------
>>
>> The patches on O2 (IRIX 6.3) from the 'versions -b' command are:
>>
>> I patchSG0001695 01/29/99 Patch SG0001695: Fix License Manager security hole by removing setuid program
>> I patchSG0002044 01/29/99 Patch SG0002044: rld rollup #7 for 6.2, 6.3, and 6.4: pthreads+security
>> I patchSG0002133 01/29/99 Patch SG0002133: talkd security
>> I patchSG0002168 01/29/99 Patch SG0002168: Fix for lpd lock file access for IRIX 6.3
>> I patchSG0002213 01/29/99 Patch SG0002213: IRIX 6.2/6.3/6.4 ordist Security
>> I patchSG0002792 01/29/99 Patch SG0002792 : pset security vulnerability
>> I patchSG0002869 01/29/99 Patch SG0002869: Netware Client fixes for IRIX 6.3
>> I patchSG0003068 01/29/99 Patch SG0003068: Cgi script security vulnerability
>> I patchSG0003144 01/29/99 Patch SG0003144: xterm security fix
>> I patchSG0003394 01/29/99 Patch SG0003394: mail security fix (for 6.3 and 6.4)
>>
>>
>> And for Indy (IRIX 5.3)
>>
>> I patchSG0001685 01/29/99 Patch SG0001685 : netprint security patch for IRIX 5.3 and 6.1
>> I patchSG0002132 01/29/99 Patch SG0002132: talkd security
>> I patchSG0002176 01/29/99 Patch SG0002176: pset security vulnerabilty
>> I patchSG0002212 01/29/99 Patch SG0002212: IRIX 5.3 ordist security
>> I patchSG0002216 01/29/99 Patch SG0002216: login/scheme fix for buffer overrun security issue and LOCKOUT option
>> I patchSG0002228 01/29/99 Patch SG0002228: Security patch for eject
>> I patchSG0003142 01/29/99 Patch SG0003142: xterm wtmp and security fixes
>> I patchSG0003189 01/29/99 Patch SG0003189 ISO9660 reading and security fixes
>>
>>
>>
>> ---------------------------
>> chung@scripps.edu
>> ---------------------------
>>-- End of excerpt from John Chung
>
>
>
>--
>_____________________________________________________________________
>
>Gary Strahan, Ph.D. strahan@mmiris.ab.umd.edu
>Department of Pharmaceutical Sciences Phone: USA-410-706-3118
>University of Maryland at Baltimore FAX: USA-410-706-0346
>_____________________________________________________________________
>
>
> Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B)
> This email address may not be added to any commercial mail
> list without my permission. Violation of my privacy with
> advertising or SPAM will result in a suit for a MINIMUM of
> $500 damages/incident, $1500 for repeats.
----------
Dr. Jiejun Wu
Dept. of Chemistry (949)824-6010 (office)
516 Physical Sciences 1 (949)824-5649 (lab)
Univ. of California, Irvine (949)824-8571 (fax)
Irvine, CA 92697-2025 jwu@uci.edu (internet)
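
The password-file checks discussed in this thread (blank password fields, and hashes kept in a readable file rather than a root-only shadow file), as an added example that is not part of the original messages. It goes one step beyond `grep ::` by testing the password field specifically; the function names and the sample file are constructed for illustration, and treating `x`, `*` and `!` as shadowed or locked markers is an assumption.

```shell
#!/bin/sh
# Added example: field-aware audit of a passwd-format file.
# Function names and the sample data are constructed for illustration.

# audit_passwd FILE -> one finding per line, "<CATEGORY> <login>":
#   EMPTY      password field (field 2) is blank, so the login needs no password
#   HASH       a password hash is stored in this file instead of a
#              root-only shadow file
#   MALFORMED  entry does not have the 7 colon-separated fields
# Assumption: "x", or a value starting with "*" or "!", marks a shadowed
# or locked account and is not reported.
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/            { next }   # comments, blank lines
        NF != 7                   { print "MALFORMED " $1; next }
        $2 == ""                  { print "EMPTY " $1; next }
        $2 == "x" || $2 ~ /^[*!]/ { next }
                                  { print "HASH " $1 }
    ' "$1"
}

# Constructed sample; the root hash is a dummy string.
sample_passwd() {
    cat <<'EOF'
root:AbCdEfGhIjKlM:0:0:Super-User:/:/bin/csh
lp::9:9:Print Spooler Owner:/var/spool/lp:/bin/sh
nuucp::10:10:Remote UUCP User:/var/spool/uucppublic:/usr/lib/uucp/uucico
daemon:*:1:1::/:/dev/null
guest:x:998:998:Guest Account:/usr/people/guest:/bin/csh
EOF
}

# Run the audit over the sample via a temporary file.
demo() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    audit_passwd "$tmp"
    rm -f "$tmp"
}

demo
```

Run `audit_passwd /etc/passwd` on a real system. Unlike `grep ::`, it does not flag the sample's `daemon` entry, whose `::` is only an empty comment field.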